CVE-2007-4476 – GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." Desbordamiento de búfer en la función safer_name_suffix en GNU tar tienen un vector de ataque sin especificar y un impacto, teniendo como resultado una "caida de pila". • https://www.exploit-db.com/exploits/30766 http://bugs.gentoo.org/show_bug.cgi?id=196978 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://secunia.com/advisories/26674 http://secunia.com/advisories/26987 http://secunia.com/advisories/27331 http://secunia.com/advisories/27453 http://secunia.com/advisories/27514 http://secunia.com/advisories/27681 http://secunia.com/advisories/27857 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4657
https://notcve.org/view.php?id=CVE-2007-4657
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. Múltiples desbordamientos de entero en PHP 4 anterior a 4.4.8, y PHP 5 anterior a 5.2.4, permite a atacantes remotos obtener información sensible (contenido de memoria) o provocar denegación de servicio (caida de hilo) a través de un valor de len grande en la función (1) strspn o (2) strcspn, lo cual dispara un lectura fuera de límite. NOTA: estos afecta a diferentes versiones de producto que al CVE-2007-3996. • http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/27864 http://secunia.com/advisories/28249 http://secunia.com/advisories/28318 http://secunia.com/advisories/28936 http://secunia.com/advisories/30288 http://secweb.se/en/advisories/php-strcspn-information-leak-vulnerability http://slackware.com/security/viewer.php?l=slackware& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-189: Numeric Errors •
CVE-2007-3998 – php floating point exception inside wordwrap
https://notcve.org/view.php?id=CVE-2007-3998
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. La función wordwrap del PHP 4 anterior al 4.4.8 y el PHP 5 anterior al 5.2.4, no utiliza correctamente la variable breakcharlen, lo que permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída de la aplicación o bucle infinito) a través de ciertos argumentos, como lo demostrado con el establecimiento del argumento 'chr(0), 0, ""'. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0889.html http://secunia.com/advisories/26642 http://secunia.com/advisories/26822 http://secunia.com/advisories/26838 http://secunia.com/advisories/26871 http://secunia.com/advisories/26895 http://secunia.com/advisories/26930 http://secunia.com/advisories/26967 http://secunia.com/advisories/27102 http://secunia.com/advisories/27377 http://secunia.com/advisories/2 • CWE-20: Improper Input Validation •
CVE-2007-2797 – (mesg: error: tty device is not owned by group `tty')
https://notcve.org/view.php?id=CVE-2007-2797
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals. xterm, incluido en 192-7.el4 en Red Hat Enterprise Linux y 208-3.1 en Debian GNU/Linux, fija la propiedad incorrecta al grupo de los dispositivos tty, lo cual permite a usuarios locales escribir datos en los terminales de otros usuarios. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924 http://secunia.com/advisories/26562 http://secunia.com/advisories/27617 http://secunia.com/advisories/27921 http://securityreason.com/securityalert/3066 http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm http://www.redhat.com/support/errata/RHSA-2007-0701.html http://www.securityfocus.com/archive/1/477469/100/0/threaded http://www.securityfocus.com/archive/1/477632/100/100/threaded http://www.securityfocus.com& •
CVE-2007-3387 – xpdf integer overflow
https://notcve.org/view.php?id=CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. Un desbordamiento de enteros en la función StreamPredictor::StreamPredictor en xpdf versión 3.02, tal como es usado en (1) poppler anterior a versión 0.5.91, (2) gpdf anterior a versión 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podrían permitir que los atacantes remotos ejecuten código arbitrario por medio de un archivo PDF creado que causa un desbordamiento del búfer en la región stack de la memoria, en la función StreamPredictor::getNextLine. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=187139 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 http://osvdb.org/40127 http://secunia.com/advisories/26188 http://secunia.com/advisories/26251 http://secunia.com/advisories/26254 http://secunia.com/advisories/26255 http://secunia.com/advisories/26257 http://secunia.com/advisories/26278 • CWE-190: Integer Overflow or Wraparound •